Users who work remotely on a regular basis are assigned a company ultrabook.
We would like users who are frequently on call, but rarely actually called after hours, to have a secure way to work from home without having to provide them with an expensive laptop that may collect dust for weeks or months between each use.
However, the company does not want users to use their own home PCs that could be infected with malware such as keyloggers that would be a security threat even on an RDP-only connection.
One solution might be to provide them with a more limited and inexpensive mobile device that is much less prone to malware, such as an iPad or a Surface 2, that can connect to VPN and RDP remote desktop to their normal workstation to actually do work remotely.
I know an RDP gateway can work without VPN, but they want the extra security of VPN required to access the RDP gateway.
Any other suggestions to accomplish these goals?
We use Cisco VPN for our Windows laptops and there is a Cisco VPN client available for iOS, but not Surface. Even though the Cisco VPN app for iOS is free, using the mobile clients on Cisco VPN may also greatly increase VPN licensing costs. So, instead of paying to upgrade our VPN license to allow mobile clients to connect, we want to look at using the VPN role built into Server 2012 R2 and putting this server in a DMZ. This would not replace our existing VPN, but would simply be a separate VPN for the exclusive use of people using the company-assigned remote access devices to be able to remotely access their primary desktop workstation.
Will the Microsoft VPN work from iPads and Surface 2 with the VPN configuration settings that are native (no app installations)?